Thank you for reading the Linux Advisory Watch Security Newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's vendor security bulletins and pointers on
methods to improve the security posture of your open source system.
Vulnerabilities affect nearly every vendor virtually every week, so
be sure to read through to find the updates your distributor have
made available.

Password guessing as an attack vector - Using password guessing as an attack vector. Over the years we've been taught a strong password must be long and complex to be considered secure. Some of us have taken that notion to heart and always ensure our passwords are strong. But some don't give a second thought to the complexity or length of our password.

Several vulnerabilities have been discovered in debdiff, a script used to compare two Debian packages, which is part of the devscripts package. The following Common Vulnerabilities and Exposures project ids have been assigned to identify them: [More...]

A vulnerability has been found and corrected in phpldapadmin: Cross-site scripting (XSS) vulnerability in lib/QueryRender.php in phpLDAPadmin 1.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the base parameter in a query_engine [More...]

A vulnerability has been found and corrected in ASF APR: tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers [More...]

A File Inclusion vulnerability was discovered and corrected in GLPI. This advisory provides the latest version of GLPI (0.80.7) that is not vulnerable to this issue. [More...] _______________________________________________________________________

Multiple file parser and NULL pointer vulnerabilities including a RLC dissector buffer overflow was found and corrected in Wireshark. This advisory provides the latest version of Wireshark (1.6.5 ) which is not vulnerable to these issues. [More...]

An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical [More...]

Updated kernel packages that fix various security issues and several bugs are now available for Red Hat Enterprise Linux 6.1 Extended Update Support. The Red Hat Security Response Team has rated this update as having moderate [More...]

Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical [More...]

Updated glibc packages that fix multiple security issues and one bug are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate [More...]

New httpd packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues. The apr-util package has also been updated to the latest version. [More Info...]